Hi @SteveRoe,
You’re right, I did miss the attachment.
I think this is related to an interaction between your subdomain and possibly virtual hosting configuration and OJS; there are enough OJS users/hosts out there (including virtual hosting users) that I don’t think it’s 100% implicit to the software or we’d have other reports. SFU’s own hosting operation uses virtual hosting quite extensively and we haven’t encountered this.
I share your suspicion that it’s a problem with two warring cookies whose configuration is slightly different but not enough to disambiguate them for delivery in the way OJS expects. I’ve seen this happen before with paths (which led us to add the session cookie path configuration option) but in your case I think it’s subdomains rather than paths.
I recommend working to ensure that your OJS site can only be delivered via one “canonical” URL, rather than ambiguously via several. This is a recommended practice for SEO (see e.g. Multiple URLs for the same page | SEO Forum | Moz). You can use a permanent redirect header to send users who visit the non-preferred URL over to the preferred one. (See e.g. mod_rewrite docs.)
I suspect this will solve the cookie problem in the bargain.
Thanks,
Alec Smecher
Public Knowledge Project Team